Hello,
this email concerns the issue multiple user names on the same user id
in Unix/Linux and jk_chrootsh not allowing some sophisticated stuff.
The problem with jk_chrootsh not having the login *name* of the
logged in user probably stems from the problem of the user name
lookup: If /etc/passwd has something like
web1:x:1001:..... user01:x:1001:..... user02:x:1001:.....
the lookup function for a user id will probably just return "web1"
for user id 1001, no matter what or who is "really" logged in. Now
would be a good point (as Olivier said), to know what POSIX expects.
The problem of course is also that jailkit may not trust any
arbitrary external env variables:
http://www.lst.de/~okir/blackhats/node39.html
Such variables would be available as "USER" or "USERNAME" (both set
to the same value on my system).
At the moment (if I'm not mistaken) jk_chrootsh.c (jailkit 2.5, line
201 outside the jail, line 378 inside the jail) gets the user like
this: pw = getpwuid(getuid());
A possible way to work around this (I haven't completely thought it
throught), would be to use an environment variable with the help of
http://www.opengroup.org/onlinepubs/009695399/functions/getpwnam.html
but then check the returned uid of getpwnam with getuid. If the uids
mismatch, someone is obviously trying to inflict problems or gain
unauthorised privileges. If they match things are probably ok.